The first rule of software is that you need to create and store database backups from time to time. This is also the case when using Dokku with PostgreSQL for hosting your apps. To automate the process and make it easier, it’s best to schedule your backups automatically, encrypt them and send to your AWS S3. We provide the know how in our step-by-step explanation.

Having backups of your data is an essential security measure in the world of IT, although it may seem like a bit of a headache sometimes - remembering to creating backups for all your data, projects, apps, etc. Automation of this process in any measure will save you a bit of time and energy. Thanks to a recent PostgreSQL plugin version, you can now encrypt a database dump before sending it to the AWS S3, which makes it a feasible solution for backing up your database to one side. Let’s then take you through the process of backup management with Dokku: scheduling backups automatically, encrypting them and then sending them to AWS S3.

Tutorial

First of all you need to ensure you are using latest version of the PostgreSQL plugin. To update it run:

dokku plugin:update postgresql

Now we can provide an encryption key for backup:

dokku postgres:backup-set-encryption app-name ENCRYPTION_KEY

ENCRYPTION_KEY must be a phrase (string) that will be used for encrypting the backup - at the time of writing this, the plugin does not support using GPG keys from a GPG agent.

We suggest using a password generator to generate random, long passwords for encryption.

After that, create a new user for AWS with ACCESS_KEY and SECRET_ACCESS_KEY. Here is the minimum policy which allows us to create backups in a bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::your-bucket-name",
                "arn:aws:s3:::your-bucket-name/*"
            ]
        }
    ]
}

Remember to update your-bucket-name with the actual name of the S3 bucket where you are going to store your database dumps.

Now you can provide credentials to the plugin:

dokku postgres:backup-auth app-name AWS_ACCESS_KEY AWS_SECRET_ACCESS_KEY

To check if backups are working correctly, run the command:

dokku postgres:backup app-name bucket-name

It should create a new database dump in your bucket. You will need to provide the ENCRYPTION_KEY in order to decrypt it.

If everything is working, you can then schedule automatic backups using crontab rules:

# Perform database backup for `app-name` and push to `bucket` every day at 10:00
dokku postgres:backup-schedule app-name 0 10 * * * bucket

To restore a database from the backup, use pg_restore (to avoid encoding issues).

We hope you have found our step-by-step guide on automatically scheduled database backups in Dokku a useful one - and make sure to check out our other blog posts for other automation tips and tricks. At iRonin we are all about finding the solutions to help minimize repetitive manual work in our clients’ software management configurations. Our expert DevOps team can help to save you time, money, and resources by re-configuring your systems. Contact us to find out more!